WO2021068777A8 - Methods and systems for internet key exchange re-authentication optimization - Google Patents

Methods and systems for internet key exchange re-authentication optimization

Info

Publication number
WO2021068777A8
Authority
WO
WIPO (PCT)
Prior art keywords
spi
network device
notification
systems
methods
Prior art date
Application number
PCT/CN2020/118193
Other languages
French (fr)
Other versions
WO2021068777A1 (en)
Inventor
Sandeep KAMPATI
Lohit S
Shubham MAMODIYA
Bharath Soma Satya MEDURI
Vishnu N
Dharmanandana Reddy POTHULA
Karthigaasri R T
Original Assignee
Huawei Technologies Co., Ltd.
Priority date
Filing date
Publication date
Application filed by Huawei Technologies Co., Ltd.
Priority to CN202080060976.1A (patent CN114788225A)
Priority to EP20874417.7A (patent EP4026299A4)
Publication of WO2021068777A1
Publication of WO2021068777A8
Priority to US17/716,470 (patent US20220263811A1)

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/16 Implementing security features at a particular protocol layer
    • H04L63/164 Implementing security features at a particular protocol layer at the network layer
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/061 Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/205 Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/28 Timers or timing mechanisms used in protocols

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)

Abstract

Methods and systems for Internet Key Exchange (IKE) re-authentication optimization are disclosed. A first network device (1201) (initiator) and a second network device (1202) (responder) each send a notification, namely an SA_TS_UNCHANGED notification, which contains the new Security Parameters Index (SPI) for the new SA, since the SA and TS payloads are no longer sent. The first network device (1201) (initiator) alone also sends an OLD_SPI notification to map the SPI of IPSec (AH/ESP) to the old IPSec SA. The INIT and AUTH exchanges are combined and encrypted before the combination is sent in the existing IKE tunnel, to avoid attacks during re-authentication and to reduce the total number of messages that must be transmitted to perform re-authentication.
PCT/CN2020/118193 2019-10-10 2020-09-27 Methods and systems for internet key exchange re-authentication optimization WO2021068777A1 (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
CN202080060976.1A CN114788225A (en) 2019-10-10 2020-09-27 Method and system for performing internet key exchange re-authentication optimization
EP20874417.7A EP4026299A4 (en) 2019-10-10 2020-09-27 Methods and systems for internet key exchange re-authentication optimization
US17/716,470 US20220263811A1 (en) 2019-10-10 2022-04-08 Methods and Systems for Internet Key Exchange Re-Authentication Optimization

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
IN201931040879 2019-10-10
IN201931040879 2019-10-10

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US17/716,470 Continuation US20220263811A1 (en) 2019-10-10 2022-04-08 Methods and Systems for Internet Key Exchange Re-Authentication Optimization

Publications (2)

Publication Number Publication Date
WO2021068777A1 (en) 2021-04-15
WO2021068777A8 (en) 2021-06-10

Family

ID=75437689

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2020/118193 WO2021068777A1 (en) 2019-10-10 2020-09-27 Methods and systems for internet key exchange re-authentication optimization

Country Status (4)

Country Link
US (1) US20220263811A1 (en)
EP (1) EP4026299A4 (en)
CN (1) CN114788225A (en)
WO (1) WO2021068777A1 (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2023206374A1 (en) * 2022-04-29 2023-11-02 Telefonaktiebolaget Lm Ericsson (Publ) Method and apparatus for providing internet protocol security communication
US11916890B1 (en) 2022-08-08 2024-02-27 International Business Machines Corporation Distribution of a cryptographic service provided private session key to network communication device for secured communications
US11924179B2 (en) 2022-08-08 2024-03-05 International Business Machines Corporation API based distribution of private session key to network communication device for secured communications

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106302376A (en) * 2015-06-29 2017-01-04 中兴通讯股份有限公司 Re-authentication recognition methods, evolution packet data gateway and system
US10250578B2 (en) * 2015-11-03 2019-04-02 Qualcomm Incorporated Internet key exchange (IKE) for secure association between devices
CN106254376B (en) * 2016-09-05 2019-10-11 新华三技术有限公司 A kind of authentication and negotiation method and device
US10609008B2 (en) * 2017-06-08 2020-03-31 Nxp Usa, Inc. Securing an electronically transmitted communication

Also Published As

Publication number Publication date
US20220263811A1 (en) 2022-08-18
WO2021068777A1 (en) 2021-04-15
EP4026299A1 (en) 2022-07-13
EP4026299A4 (en) 2022-10-26
CN114788225A (en) 2022-07-22

Similar Documents

Publication Publication Date Title
WO2021068777A8 (en) Methods and systems for internet key exchange re-authentication optimization
US9787643B2 (en) Transport layer security latency mitigation
WO2019209168A3 (en) Data processing method, related apparatus, and blockchain system
IL261137A (en) System and method for performing secure communications
CA3011085A1 (en) System and method for implementing secure communications for internet of things (iot) devices
CN102088465B (en) Hyper text transport protocol (HTTP) Cookie protection method based on preposed gateway
WO2015119679A3 (en) Method and system for securely establishing cryptographic keys for aircraft-to-aircraft communications
SG10201901366WA (en) Key exchange through partially trusted third party
EP4149157A3 (en) Method and apparatus for wireless communication in wireless communication system
CN104158653A (en) Method of secure communication based on commercial cipher algorithm
WO2008030523A3 (en) Real privacy management authentication system
WO2007139794A8 (en) Encryption method for secure packet transmission
WO2008105946A3 (en) AUTOMATED METHOD FOR SECURELY ESTABLISHING SIMPLE NETWORK MANAGEMENT PROTOCOL VERSION 3 (SNMPv3) AUTHENTICATION AND PRIVACY KEYS
GB2528226A (en) Method performed by at least one server for processing a data packet from a first computing device to a second computing device to permit end-to-end
CN103338215A (en) Method for establishing TLS (Transport Layer Security) channel based on state secret algorithm
WO2004051964A3 (en) Tunneled authentication protocol for preventing man-in-the-middle attacks
CN102111411A (en) Method for switching encryption safety data among peer-to-peer user nodes in P2P network
EP4274157A3 (en) Communicating securely with devices in a distributed control system
EP4344266A3 (en) Updating a subscriber identity module
RU2015150542A (en) AUTHENTICATION METHOD IN HIDDEN DATA TRANSFER CHANNEL
CN105245338B (en) A kind of authentication method and apparatus system
CN102780702A (en) System and method for document security transmission
CN105763566A (en) Communication method between client and server
CN106209384B (en) Use the client terminal of security mechanism and the communication authentication method of charging unit
IN2014CN03607A (en)

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 20874417

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

ENP Entry into the national phase

Ref document number: 2020874417

Country of ref document: EP

Effective date: 20220408